112 Security Blogs

Last Updated: 20 Nov 24 22:16 UTC

Blog List | Github | OPML

2024-11-20

Malwarebytes
“Sad announcement” email leads to tech support scam

Malwarebytes
Update now! Apple confirms vulnerabilities are already being exploited

Malwarebytes
AI Granny Daisy takes up scammers’ time so they can’t bother you

Rapid7
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Rapid7
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

Okta Security
Five Reasons to Upgrade your Org to Okta Identity Engine

Datadog HQ
How attackers take advantage of Microsoft 365 services

Auth0
Native Login with Passkeys Is Now in Limited Early Access for Android Applications!

Cloudflare
Bigger and badder: how DDoS attack sizes have evolved over the last decade

Cloudflare
Resilient Internet connectivity in Europe mitigates impact from multiple cable cuts

Schneier on Security
Steve Bellovin’s Retirement Talk

HackerOne
How HackerOne Employees Stay Connected and Have Fun

Eclypsium
Detecting Pacific Rim IOCs with Eclypsium

Dark Reading
It's Near-Unanimous: AI, ML Make the SOC Better

Dark Reading
China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

Dark Reading
Alleged Ford 'Breach' Encompasses Auto Dealer Info

Dark Reading
Apple Urgently Patches Actively Exploited Zero-Days

Dark Reading
Small US Cyber Agencies Are Underfunded & That's a Problem

Dark Reading
'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Dark Reading
African Reliance on Foreign Suppliers Boosts Insecurity Concerns

Dark Reading
DeepTempo Launches AI-Based Security App for Snowflake

Dark Reading
RIIG Launches With Risk Intelligence Solutions

Dark Reading
SWEEPS Educational Initiative Offers Application Security Training

Talos Intelligence
Malicious QR Codes: How big of a problem is it, really?

Synacktiv
Relaying Kerberos over SMB using krbrelayx

Google Security Blog
Leveling Up Fuzzing: Finding more vulnerabilities with AI

Krebs on Security
Fintech Giant Finastra Investigating Data Breach

Palo Alto Networks
Automation in Action — How 3 Customers Revolutionized SecOps with XSOAR


2024-11-19

Malwarebytes
Free AI editor lures in victims, installs information stealer instead on Windows and Mac

Malwarebytes
AI is everywhere, and Boomers don’t trust it 

Trail of Bits
Evaluating Solidity support in AI coding assistants

Rapid7
Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

Rapid7
Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub

Fastly
Fastly Achieves AWS Retail Competency Status

Cloudflare
DO it again: how we used Durable Objects to add WebSockets support and authentication to AI Gateway

Schneier on Security
Why Italy Sells So Much Spyware

Security Cafe
Azure CloudQuarry: Searching for secrets in Public VM Images

Amazon Security
Securing the RAG ingestion pipeline: Filtering mechanisms

Amazon Security
Important changes to CloudTrail events for AWS IAM Identity Center

HackerOne
How REI Strengthens Security with HackerOne’s Global Security Researcher Community

watchTowr Labs
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Dark Reading
Linux Variant of Helldown Ransomware Targets VMware ESXi Systems

Dark Reading
Russian Ransomware Gangs on the Hunt for Pen Testers

Dark Reading
'Phobos' Ransomware Cybercriminal Extradited From South Korea

Dark Reading
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree

Dark Reading
We Can Do Better Than Free Credit Monitoring After a Breach

NVISO Labs
The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation

Snyk
Women in security: Inspiring leaders of today and tomorrow

Snyk
How to prioritize vulnerabilities based on risk

Zero Day Initiative
Looking at the Internals of the Kenwood DMX958XR IVI

Meta Security
Sequence learning: A paradigm shift for personalized ads recommendations

Palo Alto Networks
Empower Developers to Secure AI Applications Through Code


2024-11-18

Veracode
Software Liability Comes to the EU: Navigating New Compliance Challenges

Malwarebytes
An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)

Malwarebytes
QuickBooks popup scam still being delivered via Google ads

Malwarebytes
A week in security (November 11 – November 17)

Rapid7
Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products

Datadog HQ
Detect anomalies before they become incidents with Datadog AIOps

Datadog HQ
Identify deprecated Lambda functions with Datadog

Fastly
Fastly named a Leader in the IDC MarketScape: Worldwide Edge Delivery Services 2024

Schneier on Security
Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Amazon Security
Threat modeling your generative AI workload to evaluate security risk

Dark Reading
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Dark Reading
Security Industry Association Announces SIA RISE Scholarship Awardees

Dark Reading
AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

Dark Reading
Kyndryl & Microsoft Unveil New Services to Advance Cyber Resilience for Customers

Dark Reading
Akamai Reports Third Quarter 2024 Financial Results

Dark Reading
Bugcrowd Names Trey Ford as CISO

Dark Reading
Jen Easterly, CISA Director, to Step Down on Inauguration Day

Dark Reading
Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

Dark Reading
Akira Ransomware Racks Up 30+ Victims in a Single Day

Dark Reading
Name That Toon: Meeting of Minds

Dark Reading
To Map Shadow IT, Follow Citizen Developers

Dark Reading
Palo Alto Networks Patches Critical Zero-Day Firewall Bug

Dark Reading
Why the Demand for Cybersecurity Innovation Is Surging

Dark Reading
DHS Releases Secure AI Framework for Critical Infrastructure


2024-11-17

Troy Hunt
Weekly Update 426

MaskRay's Blog
Removing global state from LLD


2024-11-15

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 46

SentinelOne
Securing AWS Lambda | How Misconfigurations Can Lead to Lateral Movement

Malwarebytes
Malicious QR codes sent in the mail deliver malware

Rapid7
Metasploit Weekly Wrap-Up: 11/15/2024

Rapid7
New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations

Rapid7
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces

Datadog HQ
Best practices for creating least-privilege AWS IAM policies

Datadog HQ
Detect and troubleshoot Windows Blue Screen errors with Datadog

Schneier on Security
Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Schneier on Security
Good Essay on the History of Bad Password Policies

Rezonate
Silverfort acquires Rezonate to expand its cloud identity security offerings

Rezonate
Silverfort to Acquire Rezonate

Amazon Security
Secure by Design: AWS enhances centralized security controls as MFA requirements expand

Amazon Security
Updated whitepaper: Architecting for PCI DSS Segmentation and Scoping on AWS

HackerOne
Flexible Data Retrieval at Scale with HAQL

HackerOne
AI in SecOps: How AI is Impacting Red and Blue Team Operations

Dark Reading
Microsoft Pulls Exchange Patches Amid Mail Flow Issues

Dark Reading
ChatGPT Exposes Its Instructions, Knowledge & OS Files

Dark Reading
Combating the Rise of Federally Aimed Malicious Intent

Dark Reading
Lessons From OSC&R on Protecting the Software Supply Chain

Dark Reading
Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats

Dark Reading
TSA Proposes Cyber-Risk Mandates for Pipelines, Transportation Systems

Bad Security
What are the business risks of trusting AI?

Google Security Blog
Retrofitting spatial safety to hundreds of millions of lines of C++

Krebs on Security
An Interview With the Target & Home Depot Hacker


2024-11-14

SentinelOne
The State of Cloud Ransomware in 2024

Malwarebytes
122 million people’s business contact info leaked by data broker

Malwarebytes
Advertisers are pushing ad and pop-up blockers using old tricks

Malwarebytes
Scammer robs homebuyers of life savings in $20 million theft spree

Trail of Bits
Attestations: A new generation of signatures on PyPI

Datadog HQ
Best practices for monitoring LLM prompt injection attacks to protect sensitive data

Datadog HQ
Integrate usage data into your product analytics strategy

Fastly
Streamline Your Logging with Grafana Integration

Cloudflare
What’s new in Cloudflare: Account Owned Tokens and Zaraz Automated Actions

Schneier on Security
New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

HackerOne
How HackerOne Disproved an MFA Bypass With a Spot Check

HackerOne
HackerOne’s Fall Day of Service

watchTowr Labs
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575

Eclypsium
Revisiting Battery Safety

Dark Reading
Frenos Takes Home the Prize at 2024 DataTribe Challenge

Dark Reading
Varonis Warns of Bug Discovered in PostgreSQL PL/Perl

Dark Reading
Idaho Man Turns to RaaS to Extort Orthodontist

Dark Reading
The Vendor's Role in Combating Alert Fatigue

Dark Reading
Cloud Ransomware Flexes Fresh Scripts Against Web Apps

Dark Reading
Washington's Cybersecurity Storm of Complacency

Dark Reading
Microsoft Power Pages Leak Millions of Private Records

Dark Reading
Hamas Hackers Spy on Mideast Gov'ts, Disrupt Israel

Google Safety & Security
A new way we’re helping others track frauds and scams online

Google Safety & Security
A safer internet: policy recommendations for fighting scams and fraud together

Talos Intelligence
New PXA Stealer targets government and education sectors for sensitive information

Claroty
CVE-2024-47255

Claroty
CVE-2024-47254

Claroty
CVE-2024-47253

Snyk
Understanding command injection vulnerabilities in Go

Palo Alto Networks
The Intersection of Marketing and Technology

Palo Alto Networks
2025 Predictions — How One Year Will Redefine the Cybersecurity Industry


2024-11-13

Dark Reading
OpenText Cybersecurity Unveils 2024's Nastiest Malware

Dark Reading
Toolkit Vastly Expands APT41's Surveillance Powers

Dark Reading
Lacoste First to Use AI-Powered Anti-counterfeiting Solution

Dark Reading
Zero-Days Win the Prize for Most Exploited Vulns

Dark Reading
CISA Releases Its First Ever International Strategic Plan

Dark Reading
Trustwave-Cybereason Merger Boosts MDR Portfolio